October Patch Tuesday Fails Hard — Windows Update Considered Harmful?
None
<h5 style="text-align: center;"><a href="#sbbwis"><img decoding="async" class="alignright size-full" title="Geraldine le Meur (cc:by)" src="https://securityboulevard.com/wp-content/uploads/2025/10/satya-nadella-solarized-richixbw-geraldine-le-meur-cc-by.png" alt="Microsoft CEO Satya Nadella" width="192" height="75"></a><strong>Showstopper bugs with security certificates—plus failing USB keyboards and mice—cause QA questions.</strong></h5><p><strong>Microsoft’s Windows security update rollup is badly buggy this month.</strong> Post-patch, the WinRE recovery environment doesn’t work with most keyboards and mice. And a fix for a cryptography bypass bug is causing failures at several enterprises, requiring rollbacks or registry edits to resolve.<br><!--br--><br><strong>It’s leading to inevitable concerns about the Windows dev process.</strong> In today’s <a href="https://securityboulevard.com/tag/sb-blogwatch/" target="_blank" rel="noopener">SB Blogwatch</a>, we grab a Linux ISO.<br><!--br--><br><a title="Richi Jennings" href="https://www.richi.uk/" target="_blank" rel="noopener">Your humble blogwatcher</a> curated these bloggy bits for your entertainment. Not to mention: <i>Best of</i>.<br><!--br--></p><h2>Satya Fiddles While Redmond Burns?</h2><p id="sbbw1"><strong>What’s the craic?</strong> Taryn Plumb asks, <a title="read the full text" href="https://www.csoonline.com/article/4076016/security-patch-or-self-inflicted-ddos-microsoft-update-knocks-out-key-enterprise-functions-2.html" target="_blank" rel="ugc noopener">Security patch or self-inflicted DDoS?</a></p><div class="code-block code-block-13" style="margin: 8px 0; clear: both;"> <style> .ai-rotate {position: relative;} .ai-rotate-hidden {visibility: hidden;} .ai-rotate-hidden-2 {position: absolute; top: 0; left: 0; width: 100%; height: 100%;} .ai-list-data, .ai-ip-data, .ai-filter-check, .ai-fallback, .ai-list-block, .ai-list-block-ip, .ai-list-block-filter {visibility: hidden; position: absolute; width: 50%; height: 1px; top: -1000px; z-index: -9999; margin: 0px!important;} .ai-list-data, .ai-ip-data, .ai-filter-check, .ai-fallback {min-width: 1px;} </style> <div class="ai-rotate ai-unprocessed ai-timed-rotation ai-13-1" data-info="WyIxMy0xIiwxXQ==" style="position: relative;"> <div class="ai-rotate-option" style="visibility: hidden;" data-index="1" data-name="U2hvcnQ=" data-time="MTA="> <div class="custom-ad"> <div style="margin: auto; text-align: center;"><a href="https://www.techstrongevents.com/cruisecon-virtual-west-2025/home?ref=in-article-ad-2&utm_source=sb&utm_medium=referral&utm_campaign=in-article-ad-2" target="_blank"><img src="https://securityboulevard.com/wp-content/uploads/2025/10/Banner-770x330-social-1.png" alt="Cruise Con 2025"></a></div> <div class="clear-custom-ad"></div> </div></div> </div> </div><p style="padding-left: 40px;"><strong>“<tt>KB5066835</tt>”</strong><br>An October 2025 Microsoft Windows security update is wreaking havoc on enterprises, impacting multiple systems. … The update in KB5066835 was intended to strengthen Windows cryptography, … but users may now be experiencing issues [that] impact … Windows 10 (version 22H2), Windows 11 (versions 23H2, 24H2, and 25H2), and Windows Server (2012, 2016, 2022, and 2025).<br>…<br>Smart card authentication and certificate issues include smart cards not being recognized as Cryptographic Service Providers (CSPs) in 32-bit applications, users’ inability to digitally sign documents, and failures in apps relying on certificate-based authentication. … Users can resolve it by modifying the DisableCapiOverrideForRSA registry key [to “0”].<br>…<br>Update KB5066835 can also cause USB … keyboards and mice to malfunction in WinRE, preventing navigation in recovery mode. … Microsoft has now released an out-of-band update, KB5070773, to address the issue.<br><!-----------------------------------------------------------------------------></p><p id="sbbw2"><strong>What’s going on?</strong> Sergiu Gatlan has deets: <a title="read the full text" href="https://www.bleepingcomputer.com/news/microsoft/microsoft-october-security-updates-cause-windows-smart-card-auth-issues/" target="_blank" rel="ugc noopener">Microsoft warns of Windows smart card auth issues after October updates</a></p><p style="padding-left: 40px;"><strong>“<tt>Failures</tt>”</strong><br>This month’s security updates are automatically enabling by default a security fix designed to address a security feature bypass vulnerability (CVE-2024-30098) in the Windows Cryptographic Services, built-in Windows service that handles security-related and cryptographic operations. … The DisableCapiOverrideForRSA registry key … isolate[s] cryptographic operations from the Smart Card implementation and block[s] attackers from creating a SHA1 hash collision to bypass digital signatures.<br>…<br>Affected users may observe various symptoms, from the inability to sign documents and failures in applications that use certificate-based authentication to smart cards not being recognized as CSP providers (Cryptographic Service Provider) in 32-bit apps. They can also see “invalid provider type specified” and “CryptAcquireCertificatePrivateKey error.” error messages.<br><!-----------------------------------------------------------------------------></p><p id="sbbw5"><strong>What’s been happening on the ground?</strong> <a title="read the full text" href="https://forums.theregister.com/forum/all/2025/10/20/microsoft_bug_keyboard_mouse/#c_5165174" target="_blank" rel="ugc noopener">Sir Jon</a> had a heck of a time with it:</p><p style="padding-left: 40px;">Ran into this issue this weekend. First Windows’ latest update wouldn’t install. Did the normal checks and ran dsim for corrupted files. Rebooted and critical service failure. Rebooted into winre and asked for bitlocker. So unable to decrypt the drive.<br>…<br>In the end had to create a windows-to-go usb, decrypt the drive, then go to the backup from my NAS. … Thanks Microsoft for wasting my time. They’ve really got to get some proper programmers … that don’t rely on AI.<br><!-----------------------------------------------------------------------------></p><p id="sbbw4"><strong>AI, you say?</strong> <a title="read the full text" href="https://news.ycombinator.com/item?id=45635821" target="_blank" rel="ugc noopener">izacus</a> sounds <i>slightly</i> sarcastic:</p><p style="padding-left: 40px;">Wonder if they used Copilot for coding those features and then AI to review them. I bet the productivity of the engineers was off the charts for that one.<br><!-----------------------------------------------------------------------------></p><p id="sbbw6"><strong>It’s not a good look.</strong> Here’s <a title="read the full text" href="https://it.slashdot.org/comments.pl?sid=23825322&cid=65737586" target="_blank" rel="ugc noopener">gweihir</a>’s spittle flecked reaction:</p><p style="padding-left: 40px;">How utterly incompetent can MS get? Apparently, this was not tested. And this is a “you are ****ed”-level bug. … Welcome to amateur-hour. At the same time, Linux recovery … continues to work just fine.<br><!-----------------------------------------------------------------------------></p><p id="sbbw7"><strong>You might think the solution is to wait a week or two before updating.</strong> But <a title="read the full text" href="https://www.reddit.com/r/Windows11/comments/1oa2nm8/comment/nk8gszb/" target="_blank" rel="ugc noopener">u/IridiumIO</a> has bad news for you:</p><p style="padding-left: 40px;">No one … knows whether an update breaks anything or not. You upgrade to a new version, and over the next month nothing breaks so you think you’re in the clear. Then MS flips an internal switch and all of a sudden everything’s broken. You haven’t installed any new updates in that time, so you have no clear correlation for what actually broke things.<br><!-----------------------------------------------------------------------------></p><p id="sbbw8"><strong>At least there are fixes.</strong> However, <a title="read the full text" href="https://forums.theregister.com/forum/all/2025/10/20/microsoft_bug_keyboard_mouse/#c_5165568" target="_blank" rel="ugc noopener">Hugo Rune</a> has more bad news:</p><p style="padding-left: 40px;">KB5070773 emergency replacement for this update is still failing to install.<br><!-----------------------------------------------------------------------------></p><p id="sbbw10"><strong>Should we do something different?</strong> Yes, said <a title="read the full text" href="https://slashdot.org/~MachineShedFred" target="_blank" rel="ugc noopener">MachineShedFred</a>:</p><p style="padding-left: 40px;">[Don’t] run Windows on bare metal if you don’t have to. … The best way to fix Microsoft products is to virtualize them. … Minor overhead increase on the CPU that is never pegged in exchange for a dead-simple way to roll back ****ty updates with ZFS snapshots.<br><!-----------------------------------------------------------------------------></p><p id="sbbw12"><strong>Meanwhile,</strong> <a title="read the full text" href="https://www.reddit.com/r/Windows11/comments/1oa2nm8/comment/nk8t8ph/" target="_blank" rel="ugc noopener">u/soru_baddogai</a> unapologetically sums up their feels:</p><p style="padding-left: 40px;">Satya Nadella has destroyed this company.<br><!-----------------------------------------------------------------------------></p><p><b><a title="And Finally" href="https://www.youtube.com/watch?v=B2ntQ60oSTg" target="_blank" rel="noopener">2023</a> (flashing images)</b><script async defer src="https://scripts.withcabin.com/hello.js"></script><!-- zero-cookie analytics privacy: https://withcabin.com/privacy/securityboulevard.com --></p><p>This month, we’re reprising the best of And Finally (because reasons).</p><p><a href="https://www.youtube.com/playlist?list=PL9zSC5i495YMjIuJjxToNGU8Ve7Gd5Rvj" target="_blank" rel="noopener">Previously in <em>And Finally</em></a></p><hr><p><em>You have been reading <i>SB Blogwatch</i> by <a href="https://www.richi.uk/" target="_blank" rel="noopener">Richi Jennings</a>. Richi curates the best bloggy bits, finest forums, and weirdest websites—so you don’t have to. Hate mail may be directed to <a href="https://twitter.com/richi" target="_blank" rel="ugc noopener">@RiCHi</a>, <a href="https://threads.net/@richij" target="_blank" rel="ugc noopener">@richij</a>, <a href="https://vmst.io/@richi" target="_blank" rel="ugc noopener">@<span class="__cf_email__" data-cfemail="85f7ece6edecc5f3e8f6f1abecea">[email protected]</span></a>, <a href="https://bsky.app/profile/richi.bsky.social" target="_blank" rel="ugc noopener">@richi.bsky.social</a> or <a href="/cdn-cgi/l/email-protection#691a0b0b1e291b000a0100470a06471c02561a1c0b030c0a1d54441a0b0b1e44"><span class="__cf_email__" data-cfemail="f784959580b7859e949f9ed9829c">[email protected]</span></a>. Ask your doctor before reading. Your mileage may vary. Past performance is no guarantee of future results. Do not stare into laser with remaining eye. E&OE. 30.</em></p><p>Image sauce: <a href="https://www.flickr.com/photos/leweb3/11315186824/" target="_blank" rel="noopener" name="sbbwis">Geraldine le Meur</a> (<a title="Some rights reserved" href="https://creativecommons.org/licenses/by/2.0/" target="_blank" rel="ugc noopener">cc:by</a>; leveled and cropped)</p><div class="spu-placeholder" style="display:none"></div><div class="addtoany_share_save_container addtoany_content addtoany_content_bottom"><div class="a2a_kit a2a_kit_size_20 addtoany_list" data-a2a-url="https://securityboulevard.com/2025/10/patch-tuesday-fail-richixbw/" data-a2a-title="October Patch Tuesday Fails Hard — Windows Update Considered Harmful?"><a class="a2a_button_twitter" href="https://www.addtoany.com/add_to/twitter?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2025%2F10%2Fpatch-tuesday-fail-richixbw%2F&linkname=October%20Patch%20Tuesday%20Fails%20Hard%20%E2%80%94%20Windows%20Update%20Considered%20Harmful%3F" title="Twitter" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_linkedin" href="https://www.addtoany.com/add_to/linkedin?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2025%2F10%2Fpatch-tuesday-fail-richixbw%2F&linkname=October%20Patch%20Tuesday%20Fails%20Hard%20%E2%80%94%20Windows%20Update%20Considered%20Harmful%3F" title="LinkedIn" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_facebook" href="https://www.addtoany.com/add_to/facebook?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2025%2F10%2Fpatch-tuesday-fail-richixbw%2F&linkname=October%20Patch%20Tuesday%20Fails%20Hard%20%E2%80%94%20Windows%20Update%20Considered%20Harmful%3F" title="Facebook" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_reddit" href="https://www.addtoany.com/add_to/reddit?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2025%2F10%2Fpatch-tuesday-fail-richixbw%2F&linkname=October%20Patch%20Tuesday%20Fails%20Hard%20%E2%80%94%20Windows%20Update%20Considered%20Harmful%3F" title="Reddit" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_email" href="https://www.addtoany.com/add_to/email?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2025%2F10%2Fpatch-tuesday-fail-richixbw%2F&linkname=October%20Patch%20Tuesday%20Fails%20Hard%20%E2%80%94%20Windows%20Update%20Considered%20Harmful%3F" title="Email" rel="nofollow noopener" target="_blank"></a><a class="a2a_dd addtoany_share_save addtoany_share" href="https://www.addtoany.com/share"></a></div></div>